Brexit, Privacy Shield and EU Data Free Movement 

Where does the UK stand, and why the cloud could evaporate.

As an investigative journalist with a keen eye for technology and law, I saw immediately the problems that might arise for the data centre sector should the UK decide to leave the EU. The potential problems have only been made worse however, by the now Prime Minister: Theresa May. 

A few weeks ago, the British public voted to leave to European Union, leading to uncertainty not only in the financial markets, but also within the technology and data sectors. People are unsure as to what a “Brexit” may mean for the European and British data industry, and whether any restrictions on data transfer between the EU and a now independent Britain may occur.

I believe that there are two possible outcomes:

Firstly, there will be no change whatsoever, the EU will recognise that our data privacy laws share similarities with their own, so no special measures will need to be in place for data transfers. Considering the large data industries based in London and Ireland which provide services the whole of the EU, it would seem an unwise move to attempt to restrict them. 

However, the second possibility, which is, in my opinion the more likely, is that the UK would have to negotiate its own “Privacy Shield” with the EU, due to the ex home secretary and current Prime Minister Theresa May’s Draft Investigatory Powers Bill, which the media has previously dubbed the “Snoopers Charter”. 

This is a rather large concern, as now that Theresa May has succeeded David Cameron as the next Prime Minister of Great Britain, she will no doubt push this controversial bill through the Commons, a bill which, in effect, is a mirror of the US’s own original data collection policy, a policy that resulted in the previous data security law, Safe Harbours’, invalidation.

The issue here is that for the new Privacy Shield to have even reached the debate stage, concessions had to be made by the US government, the main ones being “U.S authorities [must] affirm [the] absence of indiscriminate or mass surveillance” as well as ensuring data must be deleted when it no longer serves its purpose. Both of these rules have been agreed to by the US, and the bill has now been authorised by the EU’s article 31 committee for adoption by the EU. 

Unfortunately, the Investigatory Powers Bill is a contravention of both of these rules, as the bill states that “Internet service providers must keep records of all users’ internet activity for 12 months”, effectively bulk collecting and retaining data longer than its purpose. And to those who would say that we would also have to make concessions, I do not believe that the government would be willing to make any more concessions. Mrs May has already had to reluctantly concede several issues in order for the bill to be considered by parliament, and I feel it’s doubtful that she would make any more, especially since the issues in question are actually the main purpose of the potential legislation, to remove these would be to remove the whole bill.

I approached both the commissioner and the spokesperson for the Digital Single Market European Commission in an attempt to seek their opinion on the matter, however, they declined the opportunity to comment. I also contacted Theresa May, seeking her opinion, and level of commitment to the introduction of the Investigatory Powers Bill, but she also unfortunately declined the opportunity to comment. 

I am therefore left to weigh up the facts we know, and draw my own conclusions.

Given the evidence and prior history concerning the regulations of data free movement, I have to conclude that it is probable that data movement between Great Britain and the EU will be halted until we can negotiate with the EU our own version of Privacy Shield, whereby concessions will have to be made by the government: perhaps even the complete scrapping of Investigatory Powers Bill, in order to gain access to the single market that both businesses and the government itself are so desperate for. One can only hope that Mrs May, in her capacity of Prime Minister, will be willing to make any concessions needed to her personal pet project to protect the interests and data industries of her country.

If you have any questions or comments, or would like to know more about the article, please contact Dan Watkins at dan@infiniti-it.co.uk